Ständig neue Trojaner - wie löschen?

programmer09 · 16.12.2009, 22:58

Hallo

ich habe ein ganz schön hartnäckiges Problem. Als ich mal mit HijackThis mein System scannte, waren dort ein paar Infektionen. Also habe ich anschließend erstmal mit Malwarebytes gescannt, das mir ungefähr 200 bis 230 Adwareinfektionen und 5-6 Trojaner (Vundo, Trojan.BHO) angezeigt hat. Die Adware habe ich gleich gelöscht, die Trojaner nicht. Danach konnte ich Windows eigentlich vergessen.

Irgendetwas blockierte Taskmanager, ließ mich nichts mehr ausführen lassen und alles bliebt einach stehen (obwohl ich die Maus noch bewegen konnte...)
Nun habe ich im Abgesicherten Modus (der funzt einwandfrei) erst einmal die Trojaner mit Malwarebytes gelöscht und geglaubt, damit sollten sie nun verschwunden sein...
denktste: avira scan ergibt gleich wieder neue Trojaner z.B. TR/Dropper.Gen in Dateien wie werder1.exe oder cocacola.exe oder TR/Killfiles.aml. Außerdem gab es noch eine Datei im System32-Ordner, die ich online mit VirusTotal geprüft hatte. Ergebnis: Ein Backdoor-Trojaner!
Meine Frage: Kann man auch ohne Neuaufsetzen des Systems die Malware löschen? Ich hab nämlich keine Ahnung, wie ich vorgehen soll

.

Vielen Dank im Voraus

PS: soll ich die Anleitung mit CCleaner, Malwarebytes und RSIT befolgen und posten? wenn ja, die kommt dann morgen, heute keine zeit mehr
System: Windows XP SP3

cosinus · 17.12.2009, 12:39

Hallo und

Poste bitte schon erstellte Logfiles. Die Anleitung bitte wie schon von Dir erwähnt bitte vollständig ausführen.

programmer09 · 17.12.2009, 15:32

Das erste Hijackthis-Log mit den Infektionen ist auf dem infizierten Rechner, poste gerade von einem sauberen PC, da unten einmal schon das Passwort geändert wurde. Den schicke ich gleich. Dies ist jetzt der Log von Malwarebytes wie beschrieben mit Adware und Trojaner (die im Nachhinein von Malwarebytes auch noch "entfernt" wurden)

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3373
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

16.12.2009 14:45:57
mbam-log-2009-12-16 (14-45-57).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 147896
Laufzeit: 38 minute(s), 50 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 146
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 23
Infizierte Dateien: 120

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillersche duler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillersche duler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercon trolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercon trolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutt on (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutt on.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersetting scontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersetting scontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplu gin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplu gin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugi n (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugi n.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin .1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverin staller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverin staller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0494d0d0-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0d4-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0d6-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cd-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d2-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d3-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d5-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d7-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0db-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlo ok\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\ Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Not selected for removal.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(defa ult) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\MSNBackgrounds (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.D LL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr\History\allow ed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr\History\notal low (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images\011 472FF.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\003D63F1.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\00CB2128.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\CursorMan iaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\FunBuddyI conBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MailStamp Btn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MyFunCard sIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MySignatu reInsertBtn.htmlx (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MySignatu rePreviewBtn.htmlx (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MyStation eryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCen tralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CL ASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00028F65.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\000295FC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\000299A6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\0003CCC7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00045149 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\000710B7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\000AC8EC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\000C261B (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\000DF175 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00100513 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\003380EF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00377498 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\003EF8F8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\003F03D6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\003F0E07.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00B800EB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\00D32B53 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\01064F7D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\012F3E10 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\0170EA33 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\01982308 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\01D775C9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\02584119 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFE ST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFE ST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000318A9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00038F60 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000AC8FC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\002C4B89.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00CC7195.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00CC7389.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00CC74E1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00EC46FF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00EC49CE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00EC4B45.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00F7C3DB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00F7C571 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\016D1A6E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\01CA04BF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\01CA0897.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\02038870 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\02039968 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\02175FD8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\02176A0A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\02176C4C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\02177545.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\021776AC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\021AD5D5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\021AD7D9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\021AD930.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Not selected for removal.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Not selected for removal.
C:\Programme\ICQToolbar\tbu1AF8\toolbaru.dll (Trojan.BHO) -> Not selected for removal.

Sieht heftig aus, ich weiß? Das Löschen es ja nicht gebracht hat.
Die Anleitung mit CCleaner, neues Malwarebytes-Log und RSIT kommt gleich, muss den infizierten noch im Abgesicherten Modus starten. Ich hoffe, dass man mir helfen kann.

programmer09 · 17.12.2009, 17:29

hier sind die logs (ich hoffe ich habe alles zensiert): RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-12-17 17:26:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 511 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:57, on 17.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1175440571\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/154b031d...dxIE601_de.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9198 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Norton Security Scan for ***.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-07 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-17 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-07 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2003-03-21 487696]
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe [2003-11-10 406016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-05-14 55296]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-08-12 335872]
"EPSON Stylus C64 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2003-05-27 99840]
"AOLDialer"=C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe [2006-11-17 71216]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2004-09-11 98304]
"wcmdmgr"=C:\WINDOWS\wt\updater\wcmdmgrl.exe [2001-01-25 20480]
""= []
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"HostManager"=C:\Programme\Gemeinsame Dateien\AOL\1175440571\ee\AOLSoftware.exe [2006-11-17 50736]
"ToADiMon.exe"=C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe [2004-04-15 233539]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"T-Online_Software_6\WLAN-Access Finder"=C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe [2005-08-12 626740]
"AdobeUpdater"=C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [2008-11-08 2356088]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0\aoltray.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*

isabled:RealPlayer"
"C:\Programme\Hasbro Interactive\Clue\Clue.exe"="C:\Programme\Hasbro Interactive\Clue\Clue.exe:*

isabled:Clue"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Programme\T-Online\T-Online_Software_5\Browser\browser.exe"="C:\Programme\T-Online\T-Online_Software_5\Browser\browser.exe:*

isabled:T-Online Browser 5.0"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL Optimized Dial-In"
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe"="C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL Optimized Dial-In"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\CesarFTP\Server.exe"="C:\Programme\CesarFTP\Server.exe:*:Enabled:Server"
"C:\Programme\bin\kfwserv.exe"="C:\Programme\bin\kfwserv.exe:*:Enabled:kfwserv Application"
"C:\Dokumente und Einstellungen\Anette\Lokale Einstellungen\Temp\Rar$EX00.937\MiniWebServer.exe"="C:\Dokumente und Einstellungen\Anette\Lokale Einstellungen\Temp\Rar$EX00.937\MiniWebServer.exe:*:Enabled:MiniWebServer"
"C:\Programme\KeyFocus\KFWS\bin\kfwserv.exe"="C:\Programme\KeyFocus\KFWS\bin\kfwserv.exe:*:Enabled:kfwserv Application"
"C:\Programme\Microsoft Games\Demoversion von Age of Empires II The Conquerors Expansion\age2_x1t.exe"="C:\Programme\Microsoft Games\Demoversion von Age of Empires II The Conquerors Expansion\age2_x1t.exe:*:Enabled:Age of Empires II Expansion"
"C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Programme\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Programme\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"D:\Programme\metin2.bin"="D:\Programme\metin2.bin:*:Enabled:metin2"
"D:\Tobit ClipInc\Server\ClipInc-Server.exe"="D:\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server"
"D:\Tobit ClipInc\Player\ClipInc-Player.exe"="D:\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Java\jre1.5.0_11\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"H:\Warcraft III\Warcraft III.exe"="H:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6573726e-4b5a-11dd-8911-00038a000015}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe

======List of files/folders created in the last 1 months======

2009-12-17 17:26:50 ----D---- C:\rsit
2009-12-17 16:24:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-17 15:47:27 ----D---- C:\Programme\CCleaner
2009-12-16 15:17:40 ----D---- C:\Programme\Avira
2009-12-16 15:17:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-12-16 13:55:34 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2009-12-16 13:55:27 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-16 13:55:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-16 13:51:31 ----D---- C:\Programme\Trend Micro
2009-12-14 14:28:29 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-12-09 22:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 22:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 22:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 22:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 22:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 22:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 14:00:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real

======List of files/folders modified in the last 1 months======

2009-12-17 17:24:48 ----D---- C:\Programme\Mozilla Firefox
2009-12-17 17:24:03 ----D---- C:\WINDOWS
2009-12-17 15:55:49 ----D---- C:\WINDOWS\Temp
2009-12-17 15:55:49 ----D---- C:\WINDOWS\Minidump
2009-12-17 15:55:49 ----D---- C:\WINDOWS\Debug
2009-12-17 15:47:27 ----RD---- C:\Programme
2009-12-16 21:30:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-16 21:30:15 ----D---- C:\Programme\kikin
2009-12-16 21:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-16 21:02:45 ----D---- C:\WINDOWS\system32
2009-12-16 17:26:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-16 17:26:13 ----SD---- C:\WINDOWS\Tasks
2009-12-16 17:26:12 ----A---- C:\WINDOWS\ModemLog_Standard 28800 bps Modem.txt
2009-12-16 17:15:51 ----D---- C:\WINDOWS\system32\drivers
2009-12-16 17:15:51 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-16 15:19:17 ----HD---- C:\WINDOWS\inf
2009-12-16 15:15:15 ----SHD---- C:\WINDOWS\Installer
2009-12-16 15:15:15 ----D---- C:\Config.Msi
2009-12-16 15:15:14 ----D---- C:\WINDOWS\WinSxS
2009-12-16 13:50:00 ----D---- C:\Programme\Real
2009-12-16 13:49:59 ----D---- C:\Programme\Gemeinsame Dateien\Real
2009-12-16 13:49:49 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Real
2009-12-16 13:49:48 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-14 21:07:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-12-10 11:24:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 22:12:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-09 22:07:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 22:06:17 ----D---- C:\WINDOWS\system32\de-de
2009-12-09 22:06:16 ----D---- C:\Programme\Internet Explorer
2009-12-09 22:05:41 ----D---- C:\WINDOWS\ie7updates
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-24 12:52:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2009-11-24 11:32:13 ----SHD---- C:\RECYCLER
2009-11-24 11:32:13 ----D---- C:\Dokumente und Einstellungen
2009-11-19 13:25:41 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-10-17 28276]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-02-18 271360]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
S2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\System32\Drivers\ino_fltr.sys []
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-02-18 18048]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-08-12 594432]
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS []
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 TNPacket;T-Systems Nova Packet Capture Driver; \??\C:\Programme\T-DSL SpeedManager\TNPACKET.SYS []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 182768]
S2 InoRPC;eTrust Antivirus RPC Server; C:\Programme\CA\eTrust Antivirus\InoRpc.exe [2003-03-21 139536]
S2 InoRT;eTrust Antivirus Realtime Server; C:\Programme\CA\eTrust Antivirus\InoRT.exe [2003-03-21 225552]
S2 InoTask;eTrust Antivirus Job Server; C:\Programme\CA\eTrust Antivirus\InoTask.exe [2003-03-21 229648]
S2 LogWatch;Ereignisprotokoll-Überwachung; C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
S2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2005-04-23 65536]
S2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
S2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CA_LIC_CLNT;CA-Lizenz-Client; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA-Lizenzserver; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-10 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 TSMService;TSMService; C:\Programme\T-DSL SpeedManager\tsmsvc.exe [2004-07-14 147456]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Mbam log:

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3373
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

17.12.2009 17:21:57
mbam-log-2009-12-17 (17-21-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 313360
Laufzeit: 1 hour(s), 10 minute(s), 24 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

Ich habe CCleaner ausgeführt wie es beschrieben war. Wie geht es jetzt weiter?

cosinus · 24.12.2009, 11:44

Sorry für die späte Antwort.

Zitat:

Boot mode: Safe mode with network support

RSIT solltest Du im normalen Modus ausführen oder klappt das nicht?

programmer09 · 24.12.2009, 12:18

Dachte schon ich hätte was falsch gemacht.

Habe jetzt neuaufgesetzt, weil das ja die sicherste Lösung ist (und ich dachte, hier will mir keiner mehr antworten

) War auch gar nicht so schwierig, wie ich es mir vorgestellt habe.
Danke dir trotzdem.

Ein schönes Weihnachtsfest

PS: Der normale Modus funktionierte nicht mehr, die Trojaner blockten alles und man konnte halt nichts mehr machen.

17.12.2009, 12:39	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ständig neue Trojaner - wie löschen? Hallo und Poste bitte schon erstellte Logfiles. Die Anleitung bitte wie schon von Dir erwähnt bitte vollständig ausführen. __________________ __________________

Ständig neue Trojaner - wie löschen?

Plagegeister aller Art und deren Bekämpfung: Ständig neue Trojaner - wie löschen?